US8566957B2ActiveUtilityA1

Authentication system

Assignee: NANDAKUMAR GOPALPriority: Oct 23, 2011Filed: Oct 23, 2011Granted: Oct 22, 2013
Est. expiryOct 23, 2031(~5.3 yrs left)· nominal 20-yr term from priority
G06F 21/31G06F 2221/2103
76
PatentIndex Score
5
Cited by
44
References
17
Claims

Abstract

A system and method whereby the identity of a person, entity, device or the like attempting to gain access to a secured resource may be securely authenticated includes a means for receiving from a service client a request for access to a secured resource; means for generating and communicating to the purported authorized user a challenge string adapted to provide a basis for authenticating the identity of the requester; a means for receiving from the service client a response string corresponding to the challenge string; and a means for evaluating the response string to authenticate the identity of the requester. The secured resource has a common identifier by which it may be generally identified outside of the authentication system, but the request for access lacks sufficient information content for the service client to be able to determine the common identifier.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An authentication system for authenticating the identity of a requester of access to a secured resource, said authentication system comprising:
 a client gateway having a first set of instructions embodied in a computer readable medium, said first set of instructions operable to receive from a service client a request for access to a secured resource, said request for access having been submitted to said service client by a requester purporting to be an authorized user of said secured resource; 
 a server in secure communication with said client gateway, said server having a second set of instructions embodied in a computer readable medium operable to generate a challenge string, said challenge string being a random string having a plurality of symbols, wherein at least one of the symbols of said challenge string is a specially designated symbol; 
 a messaging gateway in secure communication with said server and connected to at least one other communication channel, said messaging gateway having a third set of instructions embodied in a computer readable medium operable to communicate said challenge string to said authorized user that said requester purports to be; 
 wherein said first set of instructions is further operable to receive from said service client a response string corresponding to said challenge string; and 
 wherein said second set of instructions is further operable to evaluate said response string to authenticate the identity of said requester; wherein:
 said secured resource comprises a common identifier by which said secured resource may be generally identified outside of said authentication system; and 
 said request for access comprises insufficient content for said service client to determine said common identifier. 
 
 
     
     
       2. The authentication system as recited in  claim 1  wherein said second set of instructions is further operable to determine from among a plurality of secured resources associated with said authorized user the identity of a single secured resource to which said requester requests access. 
     
     
       3. The authentication system as recited in  claim 2 , wherein said second set of instructions is further operable to determine a priority value for each of said plurality of said secured resources. 
     
     
       4. The authentication system as recited in  claim 2 , wherein said second set of instructions is further operable to determine said single secured resource includes instructions to:
 generate an inquiry message; 
 transmit said inquiry message to said service client for presentation to said authorized user; and 
 receive a response to said inquiry message from said service client and determine based upon said response to said inquiry message the identity of a single secured resource to which said requester requests access. 
 
     
     
       5. The authentication system as recited in  claim 2 , wherein said second set of instructions further includes instructions operable to generate a plurality of challenge strings, each one of said plurality of challenge strings being associated with a single one of said plurality of secured resources. 
     
     
       6. The authentication system as recited in  claim 1 , wherein said second set of instructions includes instructions operable to invalidate said response string based upon passage of time. 
     
     
       7. The authentication system as recited in  claim 1 , said second set of instructions operable to conduct for the benefit of said service client a transaction reliant upon access to said secured resource. 
     
     
       8. The authentication system as recited in  claim 7 , said second set of instructions further operable to:
 generate a receipt for said transaction; and 
 transmit said receipt to said authorized user. 
 
     
     
       9. The authentication system as recited in  claim 7 , wherein said transaction comprises providing a financial benefit. 
     
     
       10. The authentication system as recited in  claim 9 , wherein said secured resource comprises a payment resource selected from the group consisting of:
 a credit card account; 
 a banking account; and 
 an automated teller machine account. 
 
     
     
       11. The authentication system as recited in  claim 9 , wherein said service client comprises a vendor selected from the group consisting of:
 a retail store; 
 a service station; 
 an on-line service provider; and 
 an on-line merchandiser. 
 
     
     
       12. The authentication system as recited in  claim 7 , wherein said secured resource comprises a medical record. 
     
     
       13. The authentication system as recited in  claim 12 , wherein said service client comprises an information consumer selected from the group consisting of:
 a healthcare provider; and 
 a medical insurer. 
 
     
     
       14. The authentication system as recited in  claim 7 , wherein said secured resource comprises an information product. 
     
     
       15. The authentication system as recited in  claim 14 , wherein said information product comprises a credit card. 
     
     
       16. The authentication system as recited in  claim 1 , said second set of instructions further operable to establish a test adapted to detect the existence of a spoofing type deception. 
     
     
       17. The authentication system as recited in  claim 16 , wherein said test adapted to detect the existence of a spoofing type deception is further adapted to at least in part authenticate the identity of said requester.

Join the waitlist — get patent alerts

Track US8566957B2 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.